Fixed #31451 -- Made settings cleansing work with list and tuple settings.

Author: ichlaffterlalu

django/views/debug.py

@@ -90,6 +90,10 @@ def cleanse_setting(self, key, value):
  cleansed = self.cleansed_substitute
  elif isinstance(value, dict):
  cleansed = {k: self.cleanse_setting(k, v) for k, v in value.items()}
+ elif isinstance(value, list):
+ cleansed = [self.cleanse_setting('', v) for v in value]
+ elif isinstance(value, tuple):
+ cleansed = tuple([self.cleanse_setting('', v) for v in value])
  else:
  cleansed = value
  except TypeError:

tests/view_tests/tests/test_debug.py

@@ -1249,6 +1249,41 @@ def test_cleanse_setting_recurses_in_dictionary(self):
  {'login': 'cooper', 'password': reporter_filter.cleansed_substitute},
  )
 
+ def test_cleanse_setting_recurses_in_list_tuples(self):
+ reporter_filter = SafeExceptionReporterFilter()
+ initial = [
+ {
+ 'login': 'cooper',
+ 'password': 'secret',
+ 'apps': (
+ {'name': 'app1', 'api_key': 'a06b-c462cffae87a'},
+ {'name': 'app2', 'api_key': 'a9f4-f152e97ad808'},
+ ),
+ 'tokens': ['98b37c57-ec62-4e39', '8690ef7d-8004-4916'],
+ },
+ {'SECRET_KEY': 'c4d77c62-6196-4f17-a06b-c462cffae87a'},
+ ]
+ cleansed = [
+ {
+ 'login': 'cooper',
+ 'password': reporter_filter.cleansed_substitute,
+ 'apps': (
+ {'name': 'app1', 'api_key': reporter_filter.cleansed_substitute},
+ {'name': 'app2', 'api_key': reporter_filter.cleansed_substitute},
+ ),
+ 'tokens': reporter_filter.cleansed_substitute,
+ },
+ {'SECRET_KEY': reporter_filter.cleansed_substitute},
+ ]
+ self.assertEqual(
+ reporter_filter.cleanse_setting('SETTING_NAME', initial),
+ cleansed,
+ )
+ self.assertEqual(
+ reporter_filter.cleanse_setting('SETTING_NAME', tuple(initial)),
+ tuple(cleansed),
+ )
+
  def test_request_meta_filtering(self):
  request = self.rf.get('/', HTTP_SECRET_HEADER='super_secret')
  reporter_filter = SafeExceptionReporterFilter()